US20160006820A1 - Encrypted VPN Connection - Google Patents
- Publication number
- US20160006820A1 (application US14/855,251)
- Authority
- US
- United States
- Prior art keywords
- hardware device
- server
- address
- connection
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2521—Translation architectures other than single NAT servers
- H04L61/6022—
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
Definitions
- FIG. 1 illustrates an embodiment of a system to access multiple local networks on a remote user through a server
- FIG. 2 illustrates an embodiment of a hardware device to connect to local networks
- FIGS. 3A-B illustrate an exemplary communication process between the hardware device, server, and an end user
- FIG. 4 illustrates an exemplary system utilizing a hardware device to connect a local network to remote users according to an embodiment of the invention
- FIGS. 5A-B illustrate one or more application interfaces that permit a user to set desired control parameters for the local network connected through the hardware device.
- various methods, and apparatuses are described that provide a system to access devices on a local network using a simple plug-in device at the local network without the need of administrative overhead at the local site.
- the invention is not so limited to a separate plug-in device.
- Embodiments as described herein including for the hardware device and/or server may be incorporated into one or more other hardware devices.
- the device may be incorporated into a local network to provide access to the device itself as well as other devices on the network.
- embodiments of the hardware device described herein may be incorporated into a device to provide remote access to a user connected to a network or directly to the Internet.
- the system generally utilizes a local plug-in device that is remotely followed by a server to permit multiple devices on multiple local networks to connect to other multiple users (many-to-many connection).
- the local plug-in device utilizes a call-back to create a virtual private network (“VPN”) tunnel with the remote server.
- Once the plug-in device is powered and connected to a local network or device, it may initiate a VPN to a home IP address associated with a server. Encryption may be overlaid to create a secure tunnel back to the local network.
- a remote user may remotely access the server and then any device made available through the plug-in device at the local network.
- the server provides a remote administrator various monitoring and set-up options, such as network address translations (“NAT”) to remotely handle the overlay of virtual addressing on otherwise non-accessible target devices.
- a VPN connection is established from any location to a controlling location using a network attached device at the local premises accessing the internet over Port 443.
- a network attached device may be a hardware device installed at a location that may use Dynamic Host Configuration Protocol (“DHCP”) to obtain an Internet Protocol (“IP”) address and is connected over port 443 to an outside address designed in the physical device.
- the tunnel is established with Secure Web (HTTPS) and other service options to create an encrypted VPN.
- FIG. 1 illustrates an embodiment of a system to access multiple local networks of a remote user through a server.
- a hardware device 102 may be installed at a local network 104 .
- the local network 104 may consist of a single computer or device or may be a network of devices that is contained within a building or area.
- the hardware device 102 creates a VPN tunnel to a server 106 .
- a remote user 108 may then access the server 106 through a second VPN.
- the first and the second VPNs permit the user remote access to the devices on the local network 104 .
- one or more local networks may utilize one or more hardware devices to create one or multiple VPNs connected to the server 106 .
- Server 106 may provide virtual addressing to provide access to multiple devices at multiple locations, even if the locations all have identical IP address schemes.
- the system 100 provides connection to field sites with a tool that will improve security, assure a quality connection and reduce costs.
- the hardware device 102 provides a low-cost, high security, reliable VPN that is “plug-and-play.”
- the hardware device 102 is connected to a local network 104 and provides a miniaturized PC to create a VPN to a remote server.
- hardware device 102 may include a power source and network connection capability.
- the hardware device 102 may include security features through software or hardware to prevent tampering or attempted hacking, such that the device will not work or initiate if modified.
- the hardware device 102 includes an AC Power Plug 202 to plug into a wall outlet.
- the AC Power Plug 202 provides power to the plug-in hardware device 102 .
- the hardware device 102 may also include a network port 204 to connect the device to a device or network.
- the hardware device 102 may also include one or more indicators (not shown), to indicate the status of the device.
- the indicator (not shown), for example, may be an LED that flashes at a set rate or at a specified color depending on the status of the device, e.g. initializing, transmitting, receiving, idle, or not connected.
- the device may also include a secondary port 206 to provide alternate connectivity to the hardware device 102 .
- secondary port 206 may be a USB port used to connect to non-network technology including communication technologies such as GSM. Such connectivity may be used when there is no Internet connection or as a secondary communications path.
- the hardware device 102 may be compact for easy delivery and installation at a local network site.
- the hardware device 102 may include a PC, such as a 102 GHz CPU running a high performance Linux kernel with 1 GB memory and network access through a gigabit Ethernet port.
- the hardware device 102 may be powered from a 2-prong standard 115V wall socket.
- the compact physical device brings a powerful computer in a great low cost package.
- the hardware device 102 may include an additional or alternative power source, network connection capabilities, or indicators.
- a battery or other DC power source may be included in addition or as an alternative to the AC power source.
- One or more ports may be included to provide various network connections to the device.
- Other wired or wireless connections may be included or utilized separately or in combination to provide the hardware device access to the local network or to another device.
- FIG. 3A illustrates an exemplary communication process between the hardware device 102 and server 106 .
- the hardware device obtains an IP address to communicate over the network.
- the hardware device 102 may be provided network access through a Dynamic Host Configuration Protocol (“DHCP”) server to assign the device a local IP Address.
- the hardware device 102 may be preconfigured with an assigned static IP address.
- the hardware device connects over the network to an identified IP address.
- the device connects over port 443 (HTTPS) to a pre-configured IP address.
- the pre-configured IP address directs the hardware device to a “home” location such as a host server that provides a catalog of the configuration data for each hardware device.
- the pre-configured IP address is associated with a host server that includes the configuration parameters and certificates required for the hardware device.
- the device may connect over a different port, such as port 80 or a statically defined outbound network port.
- the device is a “plug-and-play” device as it requires connection to a power source and the network as the only administrative set-up overhead.
- the device initiates a call-back routine so that it automatically attempts to connect to a pre-configured IP address, or “home”. Once the connection is made, additional security may be overlaid to create a secure tunnel between the device and “home”, i.e. the host server.
- In step 306, the hardware device obtains the associated configuration parameters from the host server.
- the hardware device includes memory to store the pre-configured IP address as well as the obtained configuration parameters and certificates.
- After receiving the configuration parameters (step 308), the hardware device terminates the configuration connection and connects to the IP address of a desired server as provided in the received configuration parameters. For example, the hardware device may connect to an identified IP address over port 443 (HTTPS) to form the encrypted tunnel to the server.
- an indicator light may signal to the installer that the communication connection is complete and active.
- port 443 is preferred to create a secure and encrypted tunnel to a server using HTTPS.
- port 80 or other defined port may be used to create the connection.
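The call-back sequence of FIG. 3A described above (obtain an address, connect to the pre-configured home over port 443, receive the configuration catalogue, then connect to the host site it names), as an added worked example in Python. This is illustrative code written for this page, not the patent's or any product's implementation: the transport is modelled as a lookup table instead of real sockets, and the home address, certificates, fingerprints, device id and host-site addresses are all constructed. The point it adds to the text is the trust decision at each hop: the device compares the certificate home presents against a SHA-256 fingerprint it already holds, and compares each host site's certificate against the fingerprint home handed down in the catalogue, before it acts on anything received.

```python
import hashlib
import ipaddress
import json
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]
# Constructed: the "home" address pre-configured in the device (documentation
# prefix, not a real deployment).
HOME: Endpoint = ("203.0.113.10", 443)
# The transport is modelled as a lookup: "connecting" to an endpoint yields the
# certificate the peer presented (DER bytes) and its response body.
Transport = Callable[[Endpoint], Tuple[bytes, bytes]]


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate, the value the device pins."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class DeviceState:
    active: bool = False
    device_id: Optional[str] = None
    endpoint: Optional[Endpoint] = None
    log: List[str] = field(default_factory=list)


def parse_config(raw: bytes) -> Tuple[str, List[Tuple[Endpoint, str]]]:
    """Validate the configuration catalogue returned by home before acting on it:
    every host site needs a well-formed IP, a usable port and a fingerprint."""
    cfg = json.loads(raw)
    sites: List[Tuple[Endpoint, str]] = []
    for site in cfg["host_sites"]:
        ip = str(ipaddress.ip_address(site["ip"]))      # ValueError on garbage
        port = int(site["port"])
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port {port}")
        fp = str(site["cert_sha256"]).lower()
        if len(fp) != 64:
            raise ValueError("fingerprint must be SHA-256 hex")
        sites.append(((ip, port), fp))
    if not sites:
        raise ValueError("config lists no host sites")
    return str(cfg["device_id"]), sites


def bootstrap(pinned_home_fp: str, transport: Transport) -> DeviceState:
    state = DeviceState()
    # Step 1: call back to home over port 443 and check the presented
    # certificate against the fingerprint pinned in the device.
    home_cert, body = transport(HOME)
    if fingerprint(home_cert) != pinned_home_fp:
        state.log.append("home certificate mismatch; aborting")
        return state
    # Step 2: obtain and validate the configuration catalogue.
    try:
        state.device_id, sites = parse_config(body)
    except (KeyError, ValueError) as exc:
        state.log.append(f"rejected config: {exc}")
        return state
    # Step 3: the configuration connection is finished; connect to the first
    # listed host site whose certificate matches the fingerprint home supplied.
    for endpoint, expected_fp in sites:
        try:
            site_cert, _ = transport(endpoint)
        except KeyError:                                 # models "no route"
            state.log.append(f"{endpoint} unreachable")
            continue
        if fingerprint(site_cert) != expected_fp:
            state.log.append(f"{endpoint} certificate mismatch; skipped")
            continue
        state.endpoint, state.active = endpoint, True
        state.log.append(f"tunnel to {endpoint} active")
        break
    return state


# Constructed sample deployment: two host sites; the catalogue still carries
# site 1's previous certificate, so the device must skip it.
HOME_CERT, SITE1_CERT, SITE2_CERT = b"home-cert-der", b"site1-cert-der", b"site2-cert-der"
CONFIG = json.dumps({
    "device_id": "plug-0001",
    "host_sites": [
        {"ip": "198.51.100.5", "port": 443, "cert_sha256": fingerprint(b"site1-old-cert")},
        {"ip": "198.51.100.6", "port": 443, "cert_sha256": fingerprint(SITE2_CERT)},
    ],
}).encode()
PEERS: Dict[Endpoint, Tuple[bytes, bytes]] = {
    HOME: (HOME_CERT, CONFIG),
    ("198.51.100.5", 443): (SITE1_CERT, b"ok"),
    ("198.51.100.6", 443): (SITE2_CERT, b"ok"),
}


def demo() -> DeviceState:
    return bootstrap(fingerprint(HOME_CERT), PEERS.__getitem__)


if __name__ == "__main__":
    print("\n".join(demo().log))
```

With the sample catalogue the device rejects nothing at home, skips host site 198.51.100.5 because its presented certificate no longer matches the catalogue entry, and brings the tunnel up to 198.51.100.6; with a wrong home fingerprint it stops before reading the catalogue at all. The fingerprints are SHA-256 because the fingerprint, not the transport, is what carries the trust decision here.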
- FIG. 3B illustrates an exemplary communication process between the remote user 108 and the server 106 and ultimately to devices on a local network 104 through the hardware device 102 .
- a user may connect to the server connected to the hardware device.
- the connection may be through a Windows VPN client.
- the user may launch a web-browser and enter a URL to navigate to a web controller page.
- the connection may be through a PPTP VPN tunnel to provide secured access to the device.
- Security access controls may be incorporated into the connection to the server.
- the host server may identify the user and controls access to any field devices before a connection is authorized.
- a user may alternatively use Microsoft PPTP client built into Windows to create a VPN to the hardware device through the server.
- a combination of connections may also be implemented, such that for example, an administrator may use the URL to create a secure tunnel, while a user attempting access to a remote device only may use the Microsoft client for simplicity.
- a user may have access through the server to the devices of the local network coupled to the hardware device. Based on a user's rights, they may have network connectivity to one or more devices on a monitored local network of the hardware device.
- a remote user may access the server, for example for administration and configuration of locations and users, through a web portal.
- FIG. 4 illustrates an exemplary system 400 utilizing a hardware device 402 to connect a local network 404 to remote users 408 .
- Professional IP device monitoring and VPN access offerings may be combined to create a tool for system integrators.
- the server may be hosted as a service.
- the hardware device 402 is configured to call a Network Operations Center (NOC) 406 to create the secure VPN to remote users.
- the hardware device 402 may utilize a call-back with secure tunneling to create a VPN 410 between the local network 404 and the NOC 406 through the hardware device 402 and a server at the NOC 406 .
- A VPN is conventionally established point-to-point, such that only a single user is connected.
- Providing the connection between the hardware device and a server permits a many-to-many connection between the devices of the local network and the remote users.
- Monitoring may also be provided through the NOC 406 .
- the hardware 402 executes device monitoring tests reported to the NOC 406 .
- Devices on the local network 404 such as cameras, DVRs, routers, switches, etc. may be tracked and tested with standard checks, including a ping test. Therefore, one or more remote users 408 may then access the local network 404 and selected devices by connecting to the NOC 406 through a second VPN 412 .
- the hardware device 402 provides access for remote users to a local network with limited network administrator involvement.
- the hardware device 402 is provided power and network access.
- the hardware device 402 may be plugged in through an AC power adapter and connected to a network through a network cable, as described above.
- the hardware device 402 may include an indicator to provide the status of the device. For example, once initialization is complete, an LED may light blue and pulse to indicate that the connection is complete and active.
- the hardware device 402 permits access to selected devices on the local network through the NOC 406 . Network administrators may then impose any access, encryption, or activity rules by accessing the NOC 406 . No physical presence of the Network administrator is required at the local network. Further, no installation of software or complicated network machinery is required at the local network site.
- the hardware device 402 may not store passcodes or data directly on the device to reduce or limit the actual set up of the hardware on site of the local network.
- a remote user 412 may access the NOC 406 through a web portal.
- Users and user groups may be established through the NOC 406 .
- User profiles may be stored in secure servers at the NOC 406 to provide additional information security and provide access from any location.
- the user profile may define which device on the local network can be accessed by any group or individual user. Once secure user access is established, the user does not need to register for site access, but can move freely among locations. Access may be granted to a remote user from any device, such as a laptop, PC, mobile device, handheld, or other smart device supporting workplace VPN connections.
- the VPN connections to and from the NOC 406 may be firewalled and transactions recorded for maintenance, review, or monitoring.
- the system 400 provides firewalled VPN activity and recordable transactions.
- a remote user is provided access to a local network through an encrypted tunnel over port 443/tcp, with a self-signed certificate with full revoke and reissue capabilities.
- the access is additionally provided via RSA Key 1024 bit and MD5 hashing.
- the server may include one or more applications that permit a user to set desired control parameters for the local network connected through the hardware device.
- the control applications generally depicted in FIG. 5 may be separated into a master controller and navigator controller so that certain functions may be provided to a client as a hosted system or service, such as the system set up depicted in FIG. 4 . Such an option may further reduce the administrative requirements on the person or company seeking to create remote connectivity between sites.
- the master controller and navigator controller may be combined into a single control capability so that a single user may control the parameters of the local network at a remote site, such as described in FIG. 1 .
- the control applications assigned between the master controller and navigator controller as described below are exemplary, but may be configured in any combination to give a user the desired level of control of a remote location.
- FIG. 5A illustrates exemplary parameters that a system controller may handle at a master controller level.
- the master controller may include creating parameters such as customer administration, hardware controller administration, and/or hardware administration.
- a master controller may assign a hardware device to a specific customer.
- the customer may be assigned an identity, an account code, such as for billing, and a code key required for customer login into the hardware controller, described below.
- Each hardware device may also be assigned a unique MAC address identified directly on the device and assigned to a specific customer through the hardware administration; the services allotted to that device may also be indicated, such as whether data monitoring is to occur on the target device connected by a specific hardware device of a customer. Therefore, a service provider may track a physical hardware device to a specific customer, and turn on and off specific features associated with the hardware device.
- Each client may be assigned with a host address so that when a hardware device is initiated, it obtains the location, permissions, and certificates required to connect to the desired host server. For example, the hardware device will create a secure tunnel to the master controller to obtain the required credentials to then connect to a desired client location.
- The host address (i.e., the second address connected to) may be associated through the Hardware Controller Administration.
- the hardware device may be configured so that whenever it is powered on, it contacts the master controller to obtain an identity, permissions, and location for final connectivity.
- FIG. 5B illustrates exemplary parameters that a local client controller may handle at a hardware device controller level.
- Information, configuration, installation, and/or set-up protocols, commands, instructions, etc. downloadable to the hardware device may be provided through the hardware device controller level.
- Various access levels and group identities may also be handled through the hardware device controller level.
- an administrator may set up a Hardware Controller Administration to identify the client, and provide a code key that the client may use to access the local network connection through the hardware device.
- One or more host sites, IP addresses may be provided that the hardware device ultimately connects to after obtaining the location from the initial host configuration site.
- the hardware device may download one or more IP addresses to ultimately create the secure tunnel and provide access to users (i.e., Host Site 1 and 2).
- One or more access levels may be provided to various users accessing target devices on the local network connected through the hardware device. For example, an administrator may have access to all target devices on the local network, while certain employees may have access to only limited devices. As such, various groups may be created and users assigned.
- a conflict of internal addressing may occur when one or more local networks are connected together.
- Local network addressing of one device may duplicate another address of a second device within the architecture of the total access capability desired by the disclosed invention. Therefore, embodiments of the present invention provide for an overlay of virtual IP (VIP) addressing to handle the conflict of multiple devices.
- the server to which the device initially or ultimately connects may include a Network Addressing Translation (NAT) between a device of a local network identified through a specific hardware device and a VIP used to identify the target device from outside the local network. Therefore, each IP of a local network may be paired or overlaid with a corresponding VIP that is unique and addressable from outside the local network.
- the hardware device controller may also permit the overlay of a VIP to an IP of a target device on the local network. Accordingly, the hardware device controller may include a NAT table to identify a specific device on the local network to a VIP addressable outside of the local network.
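The VIP overlay and NAT table described in the paragraphs above, as an added worked example in Python using the standard library's ipaddress module. This is illustrative code written for this page, not the patent's implementation; the site names, the VIP pool (10.200.0.0/24) and the device addresses are constructed. It goes slightly beyond the text by also reporting which local addresses collide across sites and by failing explicitly when the VIP pool runs out.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, Set, Tuple

Key = Tuple[str, ipaddress.IPv4Address]   # (site name, address inside that site)


class VipOverlay:
    """Pairs each (site, local IP) with a unique virtual IP (VIP) drawn from a
    pool that is routable on the server side, so two sites that both use
    192.168.1.0/24 can be reached without renumbering either of them."""

    def __init__(self, vip_pool: str):
        self.pool = ipaddress.ip_network(vip_pool)
        self._free = iter(self.pool.hosts())
        self.to_vip: Dict[Key, ipaddress.IPv4Address] = {}
        self.from_vip: Dict[ipaddress.IPv4Address, Key] = {}

    def overlay(self, site: str, local_ip: str) -> str:
        """Return the VIP for a device, allocating one on first sight."""
        key: Key = (site, ipaddress.ip_address(local_ip))
        if key not in self.to_vip:
            try:
                vip = next(self._free)
            except StopIteration:
                raise RuntimeError(f"VIP pool {self.pool} exhausted") from None
            self.to_vip[key] = vip
            self.from_vip[vip] = key
        return str(self.to_vip[key])

    def translate(self, vip: str) -> Tuple[str, str]:
        """Server-side NAT step: a packet a remote user addressed to a VIP is
        rewritten to the real local address and steered into that site's tunnel."""
        entry = self.from_vip.get(ipaddress.ip_address(vip))
        if entry is None:
            raise KeyError(f"no NAT entry for {vip}")
        site, local_ip = entry
        return site, str(local_ip)

    def conflicts(self) -> Dict[str, Set[str]]:
        """Local addresses present at more than one site, i.e. the addresses
        that would collide if the sites were joined without the overlay."""
        seen: Dict[str, Set[str]] = defaultdict(set)
        for site, ip in self.to_vip:
            seen[str(ip)].add(site)
        return {ip: sites for ip, sites in seen.items() if len(sites) > 1}


def build_demo_table() -> VipOverlay:
    """Constructed inventory: two field sites with identical addressing plus a
    third on a different range."""
    nat = VipOverlay("10.200.0.0/24")
    inventory = {
        "site-a": ["192.168.1.1", "192.168.1.10"],   # router, camera
        "site-b": ["192.168.1.1", "192.168.1.10"],   # same scheme, other building
        "site-c": ["172.16.5.20"],
    }
    for site, ips in inventory.items():
        for ip in ips:
            nat.overlay(site, ip)
    return nat


if __name__ == "__main__":
    table = build_demo_table()
    for (site, ip), vip in table.to_vip.items():
        print(f"{site:7} {ip!s:14} -> {vip}")
    print("colliding local addresses:", table.conflicts())
```

Allocation is first-come, so the two 192.168.1.10 cameras receive 10.200.0.2 (site-a) and 10.200.0.4 (site-b); a remote user addressing either VIP is steered to the right tunnel by `translate`, and `conflicts` shows exactly the addresses that made the overlay necessary.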
- reports and logs may also be maintained at a user, group, or device level so that an administrator may determine use and activity.
- a user's log-in and log-out time, as well as active duration, VPN port, client host, destination host, protocol, etc. may be logged, searched, reported, etc. as necessary.
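The group-based access levels of the FIG. 5B discussion and the per-user session log of the preceding two paragraphs, as one added worked example in Python. This is illustrative code written for this page, not the patent's; the policy contents, user names, hosts and timestamps are constructed, and the VPN port 1723 is simply the TCP port PPTP uses, matching the PPTP client mentioned earlier. The design choice it adds: denied attempts are recorded with the same fields as successful sessions, so an administrator's search over the log sees both.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set


@dataclass
class AccessPolicy:
    """Group-based device permissions as the hardware device controller might
    hold them: a group names the devices (by VIP) its members may reach, and
    '*' grants every device."""
    group_devices: Dict[str, Set[str]]
    user_groups: Dict[str, Set[str]]

    def allowed(self, user: str, destination: str) -> bool:
        for group in self.user_groups.get(user, set()):
            devices = self.group_devices.get(group, set())
            if "*" in devices or destination in devices:
                return True
        return False


@dataclass
class SessionRecord:
    """One line of the activity log: the fields named in the description."""
    user: str
    login: datetime
    vpn_port: int
    client_host: str
    destination_host: str
    protocol: str
    allowed: bool
    logout: Optional[datetime] = None

    def active_duration(self, now: Optional[datetime] = None) -> timedelta:
        end = self.logout or now or datetime.now(timezone.utc)
        return end - self.login


class AuditLog:
    def __init__(self) -> None:
        self.records: List[SessionRecord] = []

    def open(self, **fields) -> SessionRecord:
        rec = SessionRecord(**fields)
        self.records.append(rec)
        return rec

    def search(self, user: Optional[str] = None, destination: Optional[str] = None,
               allowed: Optional[bool] = None) -> List[SessionRecord]:
        return [r for r in self.records
                if (user is None or r.user == user)
                and (destination is None or r.destination_host == destination)
                and (allowed is None or r.allowed == allowed)]


class AccessServer:
    """Server-side gate: every connection attempt is checked against the policy
    and written to the log whether or not it is permitted."""

    def __init__(self, policy: AccessPolicy):
        self.policy = policy
        self.log = AuditLog()

    def connect(self, user: str, client_host: str, destination: str,
                protocol: str, vpn_port: int, now: datetime) -> SessionRecord:
        ok = self.policy.allowed(user, destination)
        return self.log.open(user=user, login=now, vpn_port=vpn_port,
                             client_host=client_host, destination_host=destination,
                             protocol=protocol, allowed=ok)


def demo() -> AccessServer:
    """Constructed policy and three connection attempts, one of them denied."""
    policy = AccessPolicy(
        group_devices={"admins": {"*"}, "camera-ops": {"10.200.0.2", "10.200.0.4"}},
        user_groups={"alice": {"admins"}, "bob": {"camera-ops"}},
    )
    srv = AccessServer(policy)
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    srv.connect("alice", "198.51.100.77", "10.200.0.1", "ssh", 1723, t0)
    rec = srv.connect("bob", "198.51.100.78", "10.200.0.2", "rtsp", 1723, t0 + timedelta(minutes=5))
    rec.logout = t0 + timedelta(minutes=35)
    srv.connect("bob", "198.51.100.78", "10.200.0.1", "ssh", 1723, t0 + timedelta(minutes=40))
    return srv


if __name__ == "__main__":
    for r in demo().log.records:
        print(r.user, r.destination_host, r.protocol, "allowed" if r.allowed else "DENIED",
              r.active_duration(r.login + timedelta(hours=1)))
```

Bob's second attempt, against the router VIP his group does not cover, produces a record flagged `allowed=False`; searching the log by user or destination returns it alongside the permitted sessions, and `active_duration` is computed from the stored log-in and log-out times.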
- a machine-readable medium includes any mechanism that provides (e.g., stores and/or transmits) information in a form readable by a machine (e.g., a computer).
- a machine-readable medium includes read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; Digital Video Discs (DVDs), EPROMs, EEPROMs, FLASH memory, magnetic or optical cards, or any type of media suitable for storing electronic instructions.
- the logic consists of electronic circuits that follow the rules of Boolean Logic, software that contains patterns of instructions, or any combination of both.
Description
- This application claims the benefit of U.S. Provisional Patent Application No. 61/431,276 filed on Jan. 10, 2011, entitled “SGS Plug Pilot,” incorporated in its entirety herein by reference.
- A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the software engine and its modules, as it appears in the Patent and Trademark Office Patent file or records, but otherwise reserves all copyright rights whatsoever.
- Embodiments of the invention generally relate to network devices. More particularly, an aspect of an embodiment of the invention relates to access to and from networked devices.
- A local area network (“LAN”) permits the interconnection of computers in a local or limited area. For example, an office or work site may create a computer network that interconnects computers, printers, scanners, and other resources to a single network to provide access by multiple users. The Internet is a large collection of networks that interconnects computers over a larger geographic area. The Internet uses the TCP/IP protocol suite to allow devices on one network to automatically communicate with other devices that may be on the same or remote networks. Each such device is assigned an IP address for each active network interface, which allows network infrastructure components to automatically route traffic between target devices.
- Generally, in order to access one device across a network or internet, each available device must be assigned a unique internet protocol (“IP”) address to identify the target device. If an address is not unique, the addresses are referred to as non-routable addresses because it is not possible to establish a route (that is, a path through a set of network infrastructure devices) such that traffic from a device on the local network may reach a network interface with the non-routable address on a remote network. This is very common when installing a unique device on a network that automatically assigned an IP address during the installation process. If an administrator just chooses the automatically assigned address, then the same device on different networks will be addressed the same. If more than one network containing this same device is then connected, the two devices are non-routable since their addresses are no longer unique. Alternatively, a target device may be assigned the same IP address as another device if contained in separate private networks, to alleviate the shortage of unique IP addresses available. Such private IP addresses are similarly non-routable if the private networks are later connected. Such non-routable IP addresses lead to greater complexity as administrators seek alternative mechanisms to provide access to remote devices without routable addresses.
- Another concern presented by connecting one or more networks through the internet is the security threat involved. Network administrators may seek to limit access to specific devices on a local network, while still providing remote access to other devices. A network administrator may limit access by developing and deploying network filtering devices or applications that allow them to specify specific address and port combinations that are granted or denied access to or from the remote connection. Although these techniques help reduce security threats, they increase complexity and cost to administrators desiring seamless access to networked devices.
- To provide access to or between networks that exhibit the problems identified above, a dedicated device or client software may be installed on the local network to function as a networked gateway. This dedicated device or software acts as a host with a unique IP address through which all traffic to and from the remote network is routed. Such a system is, however, administratively complex: an administrator must first set up the devices on both networks before a connection can be created. Specialized software and/or hardware must be installed at the local network and possibly on each device granted access to the remote connection through the dedicated device. Other items, such as security credentials, must be set and maintained. Accordingly, a significant administrative burden is required to initialize and maintain such a remote access system.
- Given these challenges, there exists a need for a mechanism to allow simplified and automated access to remote devices using non-routable addresses without the use of dedicated host software and without requiring network administrator privileges on the remote network to set up, maintain or operate the solution.
- A method, apparatus, and system are described that provide fully automated network access to remote networked devices. The device and system permit remote access to a local network without any pre-configuration or administrative burden at the local network. Embodiments as described herein provide a “plug and play” option: a device is inserted into the local network and provides access to selected target devices on that network, even non-routable devices, without first requiring dedicated host software, administrative privileges, or other configuration at the local network.
- Embodiments as described herein may be applied to a virtual private network (“VPN”). The device and system may utilize a VPN tunnel call-back to initiate and configure the connection, thus alleviating the need for administrative overhead at the local network. Embodiments may also use low overhead and low bandwidth while maintaining high security; for example, encryption and secure tunneling may be employed to protect the local network. Embodiments may also include a plug-and-play device located at the local network, working in conjunction with a remote server, to permit the connection of multiple devices on one network to multiple devices on another network. The system and device may also permit a point-to-point connection between two separate devices. Embodiments of the system may also utilize network address translation (“NAT”) to resolve address conflicts among the non-routable addresses of the connected local networks.
- The drawings refer to embodiments of the invention in which:
- FIG. 1 illustrates an embodiment of a system by which a remote user accesses multiple local networks through a server;
- FIG. 2 illustrates an embodiment of a hardware device to connect to local networks;
- FIG. 3A-B illustrate an exemplary communication process between the hardware device, server, and an end user;
- FIG. 4 illustrates an exemplary system utilizing a hardware device to connect a local network to remote users according to an embodiment of the invention; and
- FIG. 5A-B illustrate one or more application interfaces that permit a user to set desired control parameters for the local network connected through the hardware device.
- While the invention is subject to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will herein be described in detail. The invention should be understood to not be limited to the particular forms disclosed; on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
- In the following description, numerous specific details are set forth, such as examples of specific data signals, named components, connections, networks, etc., in order to provide a thorough understanding of the present invention. It will be apparent, however, to one of ordinary skill in the art that the present invention may be practiced without these specific details. In other instances, well-known components or methods have not been described in detail but rather shown in a block diagram, in order to avoid unnecessarily obscuring the present invention. Further, specific numeric references, such as “first network”, may be made. However, the specific numeric reference should not be interpreted as a literal sequential order, but rather as indicating that the first network is different from a second network. Thus, the specific details set forth are merely exemplary. The specific details may be varied from and still be contemplated to be within the spirit and scope of the present invention.
- In general, various methods, and apparatuses are described that provide a system to access devices on a local network using a simple plug-in device at the local network without the need of administrative overhead at the local site. However, the invention is not so limited to a separate plug-in device. Embodiments as described herein including for the hardware device and/or server may be incorporated into one or more other hardware devices. The device may be incorporated into a local network to provide access to the device itself as well as other devices on the network. Alternatively, embodiments of the hardware device described herein may be incorporated into a device to provide remote access to a user connected to a network or directly to the Internet.
- The system generally pairs a local plug-in device with a remote server to permit multiple devices on multiple local networks to connect to multiple users (a many-to-many connection). The local plug-in device uses a call-back to create a virtual private network (“VPN”) tunnel with the remote server: once the plug-in device is powered and connected to a local network or device, it initiates a VPN to a “home” IP address associated with a server. Encryption is overlaid to create a secure tunnel back to the local network. Once the tunnel is created, a remote user may access the server and, through it, any device made available by the plug-in device at the local network. The server provides a remote administrator various monitoring and set-up options, such as network address translation (“NAT”) to overlay virtual addressing on otherwise unreachable target devices.
- In one embodiment, a VPN connection is established from any location to a controlling location using a network-attached device at the local premises that accesses the internet over TCP port 443. The network-attached device may be a hardware device installed at a location that uses Dynamic Host Configuration Protocol (“DHCP”) to obtain an Internet Protocol (“IP”) address and connects over port 443 to an outside address designated in the physical device. The tunnel is established with Secure Web (HTTPS, i.e. TLS) and other service options to create an encrypted VPN. Because outbound TCP/443 is allowed through almost every site firewall, the call-back needs no inbound rules at the local site; the device must, however, verify the identity of the server it calls, so that the outbound connection cannot be redirected to an impostor.
- FIG. 1 illustrates an embodiment of a system by which a remote user accesses multiple local networks through a server. A hardware device 102 may be installed at a local network 104. The local network 104 may consist of a single computer or device, or may be a network of devices contained within a building or area. Once connected to the network 104, the hardware device 102 creates a VPN tunnel to a server 106. A remote user 108 may then access the server 106 through a second VPN. The first and the second VPNs together permit the user remote access to the devices on the local network 104. As illustrated in FIG. 1, one or more local networks may utilize one or more hardware devices to create one or multiple VPNs connected to the server 106. Server 106 may provide virtual addressing to give access to multiple devices at multiple locations, even if the locations all have identical IP address schemes. The system 100 provides connection to field sites with a tool that improves security, assures a quality connection and reduces costs.
- The hardware device 102 provides a low-cost, high-security, reliable VPN that is “plug-and-play.” The hardware device 102 is connected to a local network 104 and provides a miniaturized PC to create a VPN to a remote server. As illustrated in FIG. 2, hardware device 102 may include a power source and network connection capability. The hardware device 102 may include security features, in software or hardware, to prevent tampering or attempted hacking, such that the device will not work or initiate if modified.
- Referring to FIG. 2, the hardware device 102 includes an AC power plug 202 to plug into a wall outlet. The AC power plug 202 provides power to the plug-in hardware device 102. The hardware device 102 may also include a network port 204 to connect the device to a device or network. The hardware device 102 may also include one or more indicators (not shown) to indicate the status of the device. The indicator (not shown) may, for example, be an LED that flashes at a set rate or in a specified color depending on the status of the device, e.g. initializing, transmitting, receiving, idle, or not connected.
- The device may also include a secondary port 206 to provide alternate connectivity to the hardware device 102. For example, secondary port 206 may be a USB port used to connect to non-network technology, including communication technologies such as GSM. Such connectivity may be used when there is no Internet connection or as a secondary communications path.
- In an exemplary embodiment, the hardware device 102 may be compact for easy delivery and installation at a local network site. The hardware device 102 may include a PC, such as a 1.2 GHz CPU running a high-performance Linux kernel with 1 GB of memory and network access through a gigabit Ethernet port. The hardware device 102 may be powered from a standard 2-prong 115 V wall socket. The compact physical device brings a powerful computer in a low-cost package.
- The hardware device 102 may include an additional or alternative power source, network connection capabilities, or indicators. For example, a battery or other DC power source may be included in addition to or as an alternative to the AC power source. One or more ports may be included to provide various network connections to the device. Other wired or wireless connections may be included or utilized, separately or in combination, to provide the hardware device access to the local network or to another device.
- FIG. 3A illustrates an exemplary communication process between the hardware device 102 and server 106.
- First, step 302, the hardware device obtains an IP address to communicate over the network. The hardware device 102 may be provided network access through a Dynamic Host Configuration Protocol (“DHCP”) server that assigns the device a local IP address. Alternatively, the hardware device 102 may be preconfigured with an assigned static IP address.
- Once the hardware device is assigned an IP address, step 304, the hardware device connects over the network to an identified IP address. In a preferred embodiment, the device connects over port 443 (HTTPS) to a pre-configured IP address. The pre-configured IP address directs the hardware device to a “home” location, such as a host server that provides a catalog of the configuration data for each hardware device. For example, the pre-configured IP address is associated with a host server that holds the configuration parameters and certificates required for the hardware device. The device may instead connect over a different port, such as port 80 or a statically defined outbound network port.
- The device is “plug-and-play” in that connection to a power source and to the network is the only administrative set-up overhead it requires. The device initiates a call-back routine so that it automatically attempts to connect to the pre-configured IP address, or “home”. Once the connection is made, additional security may be overlaid to create a secure tunnel between the device and “home”, i.e. the host server. Because everything that follows is bootstrapped from this first connection, the device should verify the home server's certificate against a value it already holds (for example a pinned certificate or public-key fingerprint) and should authenticate itself with a per-device secret rather than with its address alone; otherwise an attacker who can redirect the outbound connection could hand the device a configuration pointing at a server of the attacker's choosing.
- Once connected, step 306, the hardware device obtains the configuration parameters associated with it from the host server. The hardware device includes memory to store the pre-configured IP address as well as the obtained configuration parameters and certificates.
- After receiving the configuration parameters, step 308, the hardware device terminates the configuration connection and connects to the IP address of the desired server as provided in the received configuration parameters. For example, the hardware device may connect to the identified IP address over port 443 (HTTPS) to form the encrypted tunnel to the server. Once the tunnel is configured and established, an indicator light may signal to the installer that the communication connection is complete and active.
- As described above, use of port 443 is preferred to create a secure and encrypted tunnel to a server using HTTPS. Alternatively, port 80 or another defined port may be used to create the connection; port 80 by itself carries no encryption, so in that case the tunnel's own encryption must provide all confidentiality and integrity.
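The bootstrap in steps 304 through 308 is the security-critical part of the design, because everything the device later trusts, including which server it tunnels to, comes from that first connection. The following added example, which is not code from the patent, simulates the exchange in-process: a home server holds the configuration catalog, and a hardware device pins the home server's certificate fingerprint and checks an HMAC-SHA256 tag over its catalog entry using a per-device secret before acting on the configuration. The addresses, certificate bytes, device id, secret and the tag construction are all assumptions made for the example; in a real build the fingerprint check is the TLS handshake over port 443 with a pinned certificate.

```python
import hashlib
import hmac
import json

# Constructed values for this example (not from the patent); 203.0.113.0/24 and
# 198.51.100.0/24 are RFC 5737 documentation ranges.
HOME_ADDR = "203.0.113.10"   # the "home" address burned into the device
HOME_CERT = b"constructed bytes standing in for the home server's DER certificate"
ROGUE_CERT = b"constructed bytes standing in for an impostor's DER certificate"


def cert_fingerprint(cert_der):
    """SHA-256 fingerprint of a certificate; this is the value the device pins."""
    return hashlib.sha256(cert_der).hexdigest()


def config_tag(device_secret, device_id, body):
    """HMAC-SHA256 over (device_id, config body) with the per-device secret."""
    msg = b"config|" + device_id.encode() + b"|" + body
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest()


class HomeServer:
    """The 'home' host at HOME_ADDR:443 holding the configuration catalog (steps 304-306)."""

    def __init__(self, cert_der, catalog, device_secrets):
        self.cert_der = cert_der
        self.catalog = catalog                # device_id -> configuration parameters
        self.device_secrets = device_secrets  # device_id -> per-device secret

    def get_config(self, device_id):
        if device_id not in self.catalog:
            return None
        body = json.dumps(self.catalog[device_id], sort_keys=True).encode()
        return {"body": body, "tag": config_tag(self.device_secrets[device_id], device_id, body)}


class HardwareDevice:
    """The plug-in device: holds the pinned home fingerprint and its own secret."""

    def __init__(self, device_id, device_secret, pinned_home_fp):
        self.device_id = device_id
        self.device_secret = device_secret
        self.pinned_home_fp = pinned_home_fp
        self.tunnel_target = None   # (ip, port) of the final server, set in step 308

    def call_back(self, home):
        # Step 304: "connect" to HOME_ADDR:443 and compare the presented certificate
        # with the pinned fingerprint before sending or trusting anything.
        if not hmac.compare_digest(cert_fingerprint(home.cert_der), self.pinned_home_fp):
            raise ConnectionError("home certificate does not match pinned fingerprint")
        # Step 306: fetch this device's catalog entry and verify its tag.
        reply = home.get_config(self.device_id)
        if reply is None:
            raise LookupError(self.device_id + " is not in the catalog")
        expected = config_tag(self.device_secret, self.device_id, reply["body"])
        if not hmac.compare_digest(expected, reply["tag"]):
            raise ValueError("configuration tag mismatch; refusing tampered config")
        cfg = json.loads(reply["body"])
        # Step 308: drop the bootstrap connection and use the designated server.
        self.tunnel_target = (cfg["server_ip"], cfg["port"])
        return cfg


def build_fixture():
    """One provisioned device and the home server that knows about it (constructed data)."""
    secrets = {"hd-0001": b"per-device secret provisioned at manufacture (constructed)"}
    catalog = {"hd-0001": {"server_ip": "198.51.100.7", "port": 443, "customer": "ACME-42"}}
    home = HomeServer(HOME_CERT, catalog, secrets)
    device = HardwareDevice("hd-0001", secrets["hd-0001"], cert_fingerprint(HOME_CERT))
    return home, device


def demo():
    """Happy path plus the two failure modes the bootstrap has to survive."""
    results = {}
    home, device = build_fixture()
    device.call_back(home)
    results["target"] = device.tunnel_target

    # 1. An impostor answering at HOME_ADDR with its own certificate.
    rogue = HomeServer(ROGUE_CERT, home.catalog, home.device_secrets)
    _, device = build_fixture()
    try:
        device.call_back(rogue)
        results["rogue_home"] = "accepted"
    except ConnectionError:
        results["rogue_home"] = "rejected"

    # 2. The genuine certificate, but a catalog entry altered after it was tagged
    #    (a compromised catalog pointing the device at 192.0.2.66).
    genuine = home.get_config("hd-0001")
    altered = json.loads(genuine["body"])
    altered["server_ip"] = "192.0.2.66"
    forged = {"body": json.dumps(altered, sort_keys=True).encode(), "tag": genuine["tag"]}

    class TamperedHome(HomeServer):
        def get_config(self, device_id):
            return forged

    _, device = build_fixture()
    try:
        device.call_back(TamperedHome(HOME_CERT, {}, {}))
        results["tampered_config"] = "accepted"
    except ValueError:
        results["tampered_config"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Running the module prints the outcome of the three cases; the design choice worth noting is that the device never uses the catalog entry until both the transport peer (pinned fingerprint) and the entry itself (per-device tag) have been verified, so compromising DNS or routing on the local site is not enough to redirect the device.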
- FIG. 3B illustrates an exemplary communication process between the remote user 108 and the server 106 and, ultimately, devices on a local network 104 through the hardware device 102.
- Step 312, a user connects to the server to which the hardware device is connected. The connection may be made through a Windows VPN client. For example, the user may launch a web browser and enter a URL to navigate to a web controller page. The connection may alternatively be made through a PPTP VPN tunnel to provide secured access to the device. Security access controls may be incorporated into the connection to the server; for example, the host server may identify the user and control access to any field devices before a connection is authorized. A user may alternatively use the Microsoft PPTP client built into Windows to create a VPN to the hardware device through the server. A combination of connections may also be implemented, such that, for example, an administrator uses the URL to create a secure tunnel, while a user who only needs access to a remote device uses the Microsoft client for simplicity. PPTP with MS-CHAPv2 authentication is no longer considered secure, since the MS-CHAPv2 handshake can be cracked offline with modest effort, so a current deployment of this design should use a TLS- or IPsec-based client for the user leg as well.
- Once a connection is established, step 314, a user has access through the server to the devices of the local network coupled to the hardware device. Based on the user's rights, they may have network connectivity to one or more devices on the monitored local network of the hardware device. In an exemplary embodiment, a remote user may access the server through a web portal, for example for administration and configuration of locations and users.
- FIG. 4 illustrates an exemplary system 400 utilizing a hardware device 402 to connect a local network 404 to remote users 408. Professional IP device monitoring and VPN access offerings may be combined to create a tool for system integrators. To further remove the administrative overhead of creating a VPN, the server may be hosted as a service. In this embodiment, the hardware device 402 is configured to call a Network Operations Center (NOC) 406 to create the secure VPN to remote users. As described above, the hardware device 402 may utilize a call-back with secure tunneling to create a VPN 410 between the local network 404 and the NOC 406, through the hardware device 402 and a server at the NOC 406. Typically, a VPN is established point-to-point, such that only a single user is connected. Providing the connection between the hardware device and a server instead permits a many-to-many connection between the devices of the local network and the remote users. Monitoring may also be provided through the NOC 406: the hardware device 402 executes device monitoring tests and reports them to the NOC 406. Devices on the local network 404, such as cameras, DVRs, routers, switches, etc., may be tracked and tested with standard checks, including a ping test. One or more remote users 408 may then access the local network 404 and selected devices by connecting to the NOC 406 through a second VPN 412.
- In this embodiment, the hardware device 402 provides access for remote users to a local network with limited network administrator involvement. To deploy, the hardware device 402 is provided power and network access. For example, the hardware device 402 may be plugged in through an AC power adapter and connected to a network through a network cable, as described above. The hardware device 402 may include an indicator to show the status of the device; for example, once initialization is complete, an LED may light blue and pulse to indicate that the connection is complete and active. Once connected, the hardware device 402 permits access to selected devices on the local network through the NOC 406. Network administrators may then impose any access, encryption, or activity rules by accessing the NOC 406. No physical presence of the network administrator is required at the local network, and no installation of software or complicated network machinery is required at the local network site. The hardware device 402 need not store passcodes or user data directly on the device, which both limits the on-site set-up of the hardware and limits what an attacker gains by stealing or opening the device.
- A remote user 408 may access the NOC 406 through a web portal. Users and user groups may be established through the NOC 406. User profiles may be stored in secure servers at the NOC 406 to provide additional information security and to provide access from any location. The user profile defines which devices on the local network can be accessed by any group or individual user. Once secure user access is established, the user does not need to register for site access, but can move freely among locations. Access may be granted to a remote user from any device, such as a laptop, PC, mobile device, handheld, or other smart device supporting workplace VPN connections. To maintain security, the cross-connection from user to local network is always maintained through the NOC 406; the VPN connections to and from the NOC 406 may be firewalled and transactions recorded for maintenance, review, or monitoring.
- The system 400 provides firewalled VPN activity and recordable transactions. A remote user is provided access to a local network through an encrypted tunnel over port 443/tcp, with a self-signed certificate with full revoke and reissue capabilities. The access is additionally provided via a 1024-bit RSA key and MD5 hashing. Both of those parameters are below current minimums: MD5 has practical collision attacks and 1024-bit RSA has been deprecated since 2013 (NIST SP 800-131A), so a present-day build should use at least 2048-bit RSA, or an elliptic-curve key, with SHA-256. Revocation of a self-signed or privately issued certificate only takes effect if the peer actually checks a revocation list or is re-provisioned with the reissued certificate.
- Referring to FIG. 5, the server may include one or more applications that permit a user to set desired control parameters for the local network connected through the hardware device. The control applications generally depicted in FIG. 5 may be separated into a master controller and a navigator controller, so that certain functions may be provided to a client as a hosted system or service, such as the system set-up depicted in FIG. 4. Such an option may further reduce the administrative requirements on the person or company seeking to create remote connectivity between sites. Alternatively, the master controller and navigator controller may be combined into a single control capability so that a single user may control the parameters of the local network at a remote site, as described for FIG. 1. The assignment of control applications between the master controller and navigator controller as described below is exemplary; they may be configured in any combination to give a user the desired level of control of a remote location.
- FIG. 5A illustrates exemplary parameters that a system controller may handle at the master controller level. The master controller may include creating parameters such as customer administration, hardware controller administration, and/or hardware administration.
- In an exemplary embodiment, a master controller may assign a hardware device to a specific customer. Under Customer Administration, the customer may be assigned an identity, an account code, such as for billing, and a code key required for customer login into the hardware controller described below.
- Each hardware device may also be assigned a unique MAC address, identified directly on the device and assigned to a specific customer through Hardware Administration; the services allotted to that device may also be indicated, such as whether data monitoring is to occur on the target device connected through a specific hardware device of a customer. Therefore, a service provider may track a physical hardware device to a specific customer, and turn specific features associated with the hardware device on and off. The MAC address is a convenient inventory identifier, but it is visible on the wire and trivially forged, so it should not be the only thing that authenticates a device to the master controller; a per-device key or certificate should do that.
- Each client may be assigned a host address so that when a hardware device is initiated, it obtains the location, permissions, and certificates required to connect to the desired host server. For example, the hardware device creates a secure tunnel to the master controller to obtain the credentials required to then connect to a desired client location. The host address, i.e. the second address connected to, may be associated through Hardware Controller Administration. The hardware device may be configured so that whenever it is powered on, it contacts the master controller to obtain an identity, permissions, and location for final connectivity.
- FIG. 5B illustrates exemplary parameters that a local client controller may handle at the hardware device controller level. Information, configuration, installation, and/or set-up protocols, commands, instructions, etc. downloadable to the hardware device may be provided through the hardware device controller level. Various access levels and group identities may also be handled at the hardware device controller level.
- In an exemplary embodiment, an administrator may set up Hardware Controller Administration to identify the client and provide a code key that the client may use to access the local network connection through the hardware device. One or more host sites (IP addresses) may be provided to which the hardware device ultimately connects after obtaining the location from the initial host configuration site. The hardware device may download one or more IP addresses (e.g., Host Site 1 and Host Site 2) with which to ultimately create the secure tunnel and provide access to users.
- One or more access levels may be provided to the various users accessing target devices on the local network connected through the hardware device. For example, an administrator may have access to all target devices on the local network, while certain employees may have access to only limited devices. As such, various groups may be created and users assigned to them.
- A conflict of internal addressing may occur when two or more local networks are connected together: the local address of one device may duplicate the address of a second device elsewhere within the total set of networks to which the disclosed invention gives access. Therefore, embodiments of the present invention provide an overlay of virtual IP (VIP) addressing to handle the conflict between multiple devices. The server to which the device initially or ultimately connects may include a Network Address Translation (NAT) between a device of a local network, identified through a specific hardware device, and a VIP used to identify the target device from outside the local network. Each IP of a local network is thus paired, or overlaid, with a corresponding VIP that is unique and addressable from outside the local network. Accordingly, the hardware device controller may also permit the overlay of a VIP onto the IP of a target device on the local network, and may include a NAT table that maps a specific device on the local network to a VIP addressable outside the local network. The mapping must be keyed by both the hardware device and the local IP, since the local IP alone is, by construction, not unique across sites.
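As an added illustration of the VIP overlay just described, and of the duplicate-address problem from the background section, the following Python, which is not the patent's code, implements the server-side NAT table as a mapping keyed by hardware device and local IP: it allocates VIPs from a pool, rewrites the destination address of user-to-site traffic and the source address of site-to-user traffic, drops traffic to unknown VIPs, and refuses to allocate once the pool is exhausted. The device ids, the addresses and the 10.200.0.0/24 overlay prefix are assumptions for the example.

```python
import ipaddress


class VipOverlay:
    """Server-side NAT table: (hardware device, local IP) <-> unique virtual IP.

    Added example, not the patent's code. The VIP pool and all addresses are
    constructed; 10.200.0.0/24 is a private (RFC 1918) range chosen for the overlay.
    """

    def __init__(self, vip_pool):
        self._free = ipaddress.ip_network(vip_pool).hosts()   # iterator over usable VIPs
        self._to_vip = {}     # (device_id, local_ip) -> vip
        self._to_local = {}   # vip -> (device_id, local_ip)

    def register(self, device_id, local_ip):
        """Return the VIP for a target device, allocating one if it is new.

        The key includes the hardware device id because the local IP alone is not
        unique: two sites with the same 192.168.1.0/24 scheme must get distinct VIPs.
        """
        key = (device_id, ipaddress.ip_address(local_ip))
        if key not in self._to_vip:
            try:
                vip = next(self._free)
            except StopIteration:
                raise RuntimeError("VIP pool exhausted; enlarge the overlay prefix") from None
            self._to_vip[key] = vip
            self._to_local[vip] = key
        return self._to_vip[key]

    def to_site(self, packet):
        """User -> target: resolve the VIP destination to (device_id, rewritten packet)."""
        vip = ipaddress.ip_address(packet["dst"])
        if vip not in self._to_local:
            return None   # unknown VIP: drop rather than guess a site
        device_id, local_ip = self._to_local[vip]
        return device_id, dict(packet, dst=str(local_ip))

    def from_site(self, device_id, packet):
        """Target -> user: rewrite the local source address to its VIP."""
        key = (device_id, ipaddress.ip_address(packet["src"]))
        if key not in self._to_vip:
            return None   # a site may not originate traffic from unregistered hosts
        return dict(packet, src=str(self._to_vip[key]))

    def table(self):
        """The NAT table as shown at the hardware device controller level."""
        return sorted((d, str(ip), str(v)) for (d, ip), v in self._to_vip.items())


def demo():
    """Two sites with identical addressing, reached through one server."""
    nat = VipOverlay("10.200.0.0/24")
    vip_a = nat.register("hd-0001", "192.168.1.20")   # camera at site A
    vip_b = nat.register("hd-0002", "192.168.1.20")   # DVR at site B, same local address
    nat.register("hd-0001", "192.168.1.20")           # re-registering is idempotent

    # A remote user (172.16.5.9 inside the user VPN) opens RTSP to the site-B DVR.
    site, fwd = nat.to_site({"src": "172.16.5.9", "dst": str(vip_b), "dport": 554})
    # The DVR answers from its local address; the server rewrites the source to the VIP.
    back = nat.from_site(site, {"src": "192.168.1.20", "dst": "172.16.5.9", "sport": 554})

    return {
        "vip_a": str(vip_a), "vip_b": str(vip_b),
        "site": site, "fwd_dst": fwd["dst"], "back_src": back["src"],
        "unknown_vip_dropped": nat.to_site({"src": "172.16.5.9", "dst": "10.200.0.99"}) is None,
        "table_rows": len(nat.table()),
    }


if __name__ == "__main__":
    print(demo())
```

The overlay is stateless per packet beyond the table itself, which is what lets the server serve many sites with one pool; the usual operational failure is running the pool dry, which is why `register` raises instead of silently reusing an address.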
- Various reports and logs may also be maintained at the user, group, or device level so that an administrator may determine use and activity. A user's log-in and log-out times, as well as active duration, VPN port, client host, destination host, protocol, etc., may be logged, searched, and reported as necessary.
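The following added example, which is not from the patent, shows the two server-side pieces the preceding paragraphs describe: a deny-by-default access check that maps users to groups and groups to (hardware device, local IP) targets, and a sessionizer that pairs the log-in and log-out entries of an audit log into sessions carrying active duration, VPN port, client host and the destination hosts that were reached or refused. The group names, users, log format and log lines are constructed for the example; the port 1723 entries stand for sessions that arrived over PPTP, which an administrator reviewing the log would want to find.

```python
from datetime import datetime

# Constructed policy data (not from the patent): a group grants (device_id, local_ip)
# pairs, "*" is a wildcard, users belong to groups, and anything not granted is denied.
GROUPS = {
    "site-admins": {("*", "*")},
    "site-A-ops": {("hd-0001", "192.168.1.20"), ("hd-0001", "192.168.1.21")},
    "site-B-view": {("hd-0002", "192.168.1.20")},
}
USERS = {"alice": {"site-admins"}, "bob": {"site-A-ops"}, "carol": {"site-A-ops", "site-B-view"}}


def is_allowed(user, device_id, local_ip):
    """Deny-by-default check run by the server before cross-connecting a user to a target."""
    for group in USERS.get(user, ()):
        for dev_pat, ip_pat in GROUPS.get(group, ()):
            if dev_pat in ("*", device_id) and ip_pat in ("*", local_ip):
                return True
    return False


# Constructed audit lines with the fields the text lists:
# time, user, event, VPN port, client host, destination host, protocol ("-" if none).
AUDIT_LOG = """\
2011-01-10T08:00:05Z alice login 443 10.8.0.2 - -
2011-01-10T08:01:10Z alice connect 443 10.8.0.2 hd-0001/192.168.1.20 rtsp
2011-01-10T08:40:00Z alice logout 443 10.8.0.2 - -
2011-01-10T09:15:00Z bob login 1723 10.8.0.3 - -
2011-01-10T09:16:30Z bob denied 1723 10.8.0.3 hd-0002/192.168.1.20 rtsp
2011-01-10T09:17:00Z bob connect 1723 10.8.0.3 hd-0001/192.168.1.21 http
2011-01-10T09:20:00Z bob logout 1723 10.8.0.3 - -
"""


def parse_audit(text):
    records = []
    for line in text.splitlines():
        ts, user, event, port, client, dest, proto = line.split()
        records.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "user": user,
                        "event": event, "vpn_port": int(port), "client": client,
                        "dest": dest, "proto": proto})
    return records


def sessions(records):
    """Pair each user's login/logout into a session with duration and target lists."""
    open_sessions, done = {}, []
    for r in records:
        if r["event"] == "login":
            open_sessions[r["user"]] = {"user": r["user"], "login": r["ts"], "vpn_port": r["vpn_port"],
                                        "client": r["client"], "targets": [], "denied": []}
        elif r["event"] in ("connect", "denied") and r["user"] in open_sessions:
            bucket = "targets" if r["event"] == "connect" else "denied"
            open_sessions[r["user"]][bucket].append(r["dest"])
        elif r["event"] == "logout" and r["user"] in open_sessions:
            s = open_sessions.pop(r["user"])
            s["logout"] = r["ts"]
            s["duration_s"] = int((r["ts"] - s["login"]).total_seconds())
            done.append(s)
    return done


def demo():
    by_user = {s["user"]: s for s in sessions(parse_audit(AUDIT_LOG))}
    return {
        "bob_siteA": is_allowed("bob", "hd-0001", "192.168.1.21"),
        "bob_siteB": is_allowed("bob", "hd-0002", "192.168.1.20"),
        "carol_siteB": is_allowed("carol", "hd-0002", "192.168.1.20"),
        "alice_any": is_allowed("alice", "hd-0009", "10.1.1.1"),
        "unknown_user": is_allowed("mallory", "hd-0001", "192.168.1.20"),
        "alice_duration_s": by_user["alice"]["duration_s"],
        "bob_denied": by_user["bob"]["denied"],
        "bob_targets": by_user["bob"]["targets"],
        "pptp_users": sorted(u for u, s in by_user.items() if s["vpn_port"] == 1723),
    }


if __name__ == "__main__":
    print(demo())
```

The denied entry in the log is consistent with the policy (bob has no grant on hd-0002), which is the kind of cross-check a reviewer runs: every `connect` line should correspond to a grant in the policy as it stood at that time, and any that does not is a finding.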
- The above processes may be implemented by software code written in a given programming language, hardware logic components and other electrical circuits, or some combination of both. For example, discussions of a device configured for, capable of, or programmed to perform a task may be implemented in either software, hardware, or a combination of both.
- Accordingly, in an embodiment, the software used to facilitate the algorithms discussed above can be embodied onto a machine-readable medium. A machine-readable medium includes any mechanism that provides (e.g., stores and/or transmits) information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium includes read only memory (ROM); random access memory (RAM); magnetic disk storage media; optical storage media; flash memory devices; Digital VideoDisc (DVD's), EPROMs, EEPROMs, FLASH memory, magnetic or optical cards, or any type of media suitable for storing electronic instructions.
- Some portions of the detailed descriptions above are presented in terms of algorithms and symbolic representations of operations on data bits within a computer's memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like. These algorithms may be written in a number of different software programming languages. Also, an algorithm may be implemented with lines of code in software, configured logic gates in software, or a combination of both.
- It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the above discussions, it is appreciated that throughout the description, discussions utilizing terms such as “processing,” “computing,” “calculating,” “determining,” “displaying” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system registers and memories into other data similarly represented as physical quantities within the computer system memories or registers, or other such information storage, transmission or display devices.
- In an embodiment, the logic consists of electronic circuits that follow the rules of Boolean Logic, software that contains patterns of instructions, or any combination of both.
- While some specific embodiments of the invention have been shown, the invention is not to be limited to these embodiments. For example, most functions performed by electronic hardware components may be duplicated by software emulation. Thus, a software program written to accomplish those same functions may emulate the functionality of the hardware components in input-output circuitry. The invention is to be understood as not limited by the specific embodiments described herein, but only by scope of the appended claims.
Claims (18)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/855,251 US20160006820A1 (en) | 2011-01-10 | 2015-09-15 | Encrypted VPN Connection |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161431276P | 2011-01-10 | 2011-01-10 | |
US13/345,515 US9143480B2 (en) | 2011-01-10 | 2012-01-06 | Encrypted VPN connection |
US14/855,251 US20160006820A1 (en) | 2011-01-10 | 2015-09-15 | Encrypted VPN Connection |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/345,515 Continuation US9143480B2 (en) | 2011-01-10 | 2012-01-06 | Encrypted VPN connection |
Publications (1)
Publication Number | Publication Date |
---|---|
US20160006820A1 true US20160006820A1 (en) | 2016-01-07 |
Family
ID=46456115
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/345,515 Active 2032-02-24 US9143480B2 (en) | 2011-01-10 | 2012-01-06 | Encrypted VPN connection |
US14/855,251 Abandoned US20160006820A1 (en) | 2011-01-10 | 2015-09-15 | Encrypted VPN Connection |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/345,515 Active 2032-02-24 US9143480B2 (en) | 2011-01-10 | 2012-01-06 | Encrypted VPN connection |
Country Status (1)
Country | Link |
---|---|
US (2) | US9143480B2 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130282190A1 (en) * | 2012-04-24 | 2013-10-24 | General Electric Company | System and method for configuration and management of power plant assets |
CA3073419C (en) | 2013-01-02 | 2023-11-21 | Skycasters, Llc | Systems and methods for providing a renat communications environment facilitating communications between a user workstation and a private network |
US9276847B2 (en) | 2013-01-02 | 2016-03-01 | Acceleration Systems, LLC | Systems and methods for providing a ReNAT virtual private network |
US9391959B2 (en) * | 2013-01-15 | 2016-07-12 | Cisco Technology, Inc. | Automated control plane for limited user destruction |
KR102118002B1 (en) * | 2013-07-26 | 2020-06-02 | 삼성전자주식회사 | Method for communication using ip address eschanged via near field communication and apparatus for the same |
US9210129B2 (en) | 2014-02-06 | 2015-12-08 | Acceleration Systems, LLC | Systems and methods for providing a multiple secure link architecture |
US10771439B2 (en) | 2017-06-28 | 2020-09-08 | Microsoft Technology Licensing, Llc | Shielded networks for virtual machines |
US10979395B2 (en) | 2019-04-16 | 2021-04-13 | Fortinet, Inc. | Automatic virtual private network (VPN) establishment |
US11784973B2 (en) | 2021-08-17 | 2023-10-10 | Duskrise Inc. | Edge-based enterprise network security appliance and system |
US11729148B1 (en) * | 2022-09-04 | 2023-08-15 | Uab 360 It | Optimized utilization of internet protocol addresses in a virtual private network |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020069278A1 (en) * | 2000-12-05 | 2002-06-06 | Forsloew Jan | Network-based mobile workgroup system |
US20040162992A1 (en) * | 2003-02-19 | 2004-08-19 | Sami Vikash Krishna | Internet privacy protection device |
US20080037557A1 (en) * | 2004-10-19 | 2008-02-14 | Nec Corporation | Vpn Getaway Device and Hosting System |
US20080201486A1 (en) * | 2007-02-21 | 2008-08-21 | Array Networks, Inc. | Dynamic system and method for virtual private network (VPN) packet level routing using dual-NAT method |
US20080248794A1 (en) * | 2007-04-03 | 2008-10-09 | Ricoh Company, Ltd. | Configuration and management of wireless network devices |
US20080263654A1 (en) * | 2007-04-17 | 2008-10-23 | Microsoft Corporation | Dynamic security shielding through a network resource |
US20090323718A1 (en) * | 2008-05-02 | 2009-12-31 | General Electric Company | System and method to secure communications over a public network |
US20100054250A1 (en) * | 2005-12-08 | 2010-03-04 | Freebit Co., Ltd. | Relay apparatus and method for connecting client device with server |
US20100180016A1 (en) * | 2006-05-19 | 2010-07-15 | Belden Inc. | Automated network device configuration and network deployment |
US20110138058A1 (en) * | 2004-05-20 | 2011-06-09 | Atsuki Ishida | Server for routing connection to client device |
US7965701B1 (en) * | 2004-09-30 | 2011-06-21 | Avaya Inc. | Method and system for secure communications with IP telephony appliance |
US8881261B1 (en) * | 2010-06-29 | 2014-11-04 | F5 Networks, Inc. | System and method for providing proactive VPN establishment |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5974453A (en) * | 1997-10-08 | 1999-10-26 | Intel Corporation | Method and apparatus for translating a static identifier including a telephone number into a dynamically assigned network address |
US7058973B1 (en) * | 2000-03-03 | 2006-06-06 | Symantec Corporation | Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses |
US7353280B2 (en) * | 2000-03-17 | 2008-04-01 | Aol Llc, A Delaware Limited Liability Company | Home-networking |
WO2002061599A1 (en) * | 2001-01-25 | 2002-08-08 | Crescent Networks, Inc. | Extension of address resolution protocol (arp) for internet protocol (ip) virtual networks |
AU2002340023A1 (en) * | 2001-09-24 | 2003-04-07 | Rumi Sheryar Gonda | Method for supporting ethernet mac circuits |
US7099319B2 (en) * | 2002-01-23 | 2006-08-29 | International Business Machines Corporation | Virtual private network and tunnel gateway with multiple overlapping, remote subnets |
US20030217126A1 (en) * | 2002-05-14 | 2003-11-20 | Polcha Andrew J. | System and method for automatically configuring remote computer |
US7561587B2 (en) * | 2002-09-26 | 2009-07-14 | Yhc Corporation | Method and system for providing layer-4 switching technologies |
WO2004058403A2 (en) * | 2002-12-24 | 2004-07-15 | Samrat Vasisht | Method, system and device for automatically configuring a communications network |
KR100512959B1 (en) * | 2003-04-12 | 2005-09-07 | 삼성전자주식회사 | Multi home service system |
EP1667382A4 (en) * | 2003-09-11 | 2006-10-04 | Fujitsu Ltd | Packet relay device |
US8085695B2 (en) * | 2005-01-25 | 2011-12-27 | Intel Corporation | Bootstrapping devices using automatic configuration services |
US7814541B1 (en) * | 2006-05-19 | 2010-10-12 | Array Networks, Inc. | Virtual routing for virtual local area networks having overlapping IP addresses |
CN100579072C (en) * | 2006-12-22 | 2010-01-06 | 华为技术有限公司 | Method and system for communication between IP devices |
CA2585808A1 (en) * | 2007-03-26 | 2008-09-26 | David Ker | Method and system for implementing a secured and centrally managed virtual ip network on a common ip network infrastructure |
WO2009055717A1 (en) * | 2007-10-24 | 2009-04-30 | Jonathan Peter Deutsch | Various methods and apparatuses for a central station to allocate virtual ip addresses |
KR101499551B1 (en) * | 2008-03-31 | 2015-03-18 | 삼성전자주식회사 | UPnP apparatus for resolving network address collision to consider remote access and method thereof |
US8270417B2 (en) * | 2008-06-04 | 2012-09-18 | Telefonaktiebolaget L M Ericsson (Publ) | Access network node and method for access network node |
TWI449373B (en) * | 2008-06-11 | 2014-08-11 | Asustek Comp Inc | Management method of local area network and device thereof |
US8019837B2 (en) * | 2009-01-14 | 2011-09-13 | International Business Machines Corporation | Providing network identity for virtual machines |
US7941551B2 (en) * | 2009-02-25 | 2011-05-10 | Microsoft Corporation | Tunneling of remote desktop sessions through firewalls |
US8289975B2 (en) * | 2009-06-22 | 2012-10-16 | Citrix Systems, Inc. | Systems and methods for handling a multi-connection protocol between a client and server traversing a multi-core system |
JP4802295B1 (en) * | 2010-08-31 | 2011-10-26 | 株式会社スプリングソフト | Network system and virtual private connection forming method |
US20140019639A1 (en) * | 2011-03-31 | 2014-01-16 | Hiroshi Ueno | Computer system and communication method |
CN107342991B (en) * | 2011-07-08 | 2021-12-24 | 威尔耐特斯公司 | Dynamic VPN address allocation |
WO2013117166A1 (en) * | 2012-02-08 | 2013-08-15 | Hangzhou H3C Technologies Co., Ltd. | Implement equal cost multiple path of trill network |
US9325562B2 (en) * | 2012-05-15 | 2016-04-26 | International Business Machines Corporation | Overlay tunnel information exchange protocol |
TWI493946B (en) * | 2013-01-18 | 2015-07-21 | Gemtektechnologyco Ltd | Virtual private network communication system, routing device and method thereof |
Priority and application events
- 2012-01-06: US application US13/345,515 filed; granted as US9143480B2 (status: Active)
- 2015-09-15: US application US14/855,251 filed (continuation); published as US20160006820A1 (status: Abandoned)
Non-Patent Citations (4)
Title |
---|
Aboba et al., "Detecting Network Attachment in IPv4 (DNAv4)", RFC 4436, Network Working Group, March 2006, pp. 1-15. * |
Droms, "Dynamic Host Configuration Protocol", RFC 2131, Network Working Group, March 1997, pp. 1-45. * |
Finlayson et al., "A Reverse Address Resolution Protocol", RFC 903, Network Working Group, June 1984, pp. 1-4. * |
Hamzeh et al., "Point-to-Point Tunneling Protocol (PPTP)", RFC 2637, Network Working Group, July 1999, pp. 1-57. * |
Also Published As
Publication number | Publication date |
---|---|
US9143480B2 (en) | 2015-09-22 |
US20120179831A1 (en) | 2012-07-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9143480B2 (en) | Encrypted VPN connection | |
US9680704B2 (en) | Compact and integrated key controller apparatus for monitoring networks | |
US11356417B2 (en) | Private cloud routing server connection mechanism for use in a private communication architecture | |
US11075821B2 (en) | Method and apparatus for managing field device based on cloud server | |
JP5318111B2 (en) | Various methods and apparatus for a central management station for automatically distributing configuration information to remote devices | |
US7181542B2 (en) | Method and system for managing and configuring virtual private networks | |
US9438596B2 (en) | Systems and methods for secured global LAN | |
US7653746B2 (en) | Routable network subnet relocation systems and methods | |
JP2005518117A (en) | How to initiate a connection through a firewall and NAT | |
US10735387B2 (en) | Secured network bridge | |
CN113542389A (en) | Private cloud routing server connection mechanism for private communication architecture | |
US9118588B2 (en) | Virtual console-port management | |
CN112039905A (en) | Network communication method and device based on reverse connection, electronic equipment and medium | |
CN102158567B (en) | Equipment configuration method, strategic server and network address translation apparatus | |
JP2005341084A (en) | Vpn system, remote terminal, and remote access communication method used for vpn system and remote terminal | |
KR102351795B1 (en) | Method for remote managing network devices in cloud platform and cloud terminal control server using them | |
CN113923149B (en) | Network access method, device, network system, electronic equipment and storage medium | |
KR101690498B1 (en) | Method for setting network configuration and switch and computer-readable recording medium using the same | |
CN108306792B (en) | Method, device and system for testing VPN function of equipment and test equipment | |
US11677743B2 (en) | Ethernet key | |
KR20210156949A (en) | Router with selective VPN connection function of terminal and VPN connection method of terminal using the same | |
Zientara | Learn pfSense 2.4: Get up and running with Pfsense and all the core concepts to build firewall and routing solutions | |
KR102103484B1 (en) | Method and system for providing intranet service by customer using virtual networking technology | |
Moskal | Performing a Penetration Test on a Storage Network | |
Deka et al. | Virtual Network With Virtual Router/Firewall Using Endian Firewall Community (EFW) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
| AS | Assignment | Owner name: TPG SPECIALTY LENDING, INC., AS COLLATERAL AGENT. Free format text: GRANT OF A SECURITY INTEREST -- PATENTS; ASSIGNOR: SECURE GLOBAL SOLUTIONS, LLC; REEL/FRAME: 048414/0636. Effective date: 2019-02-22 |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE |
| AS | Assignment | Owner name: SECURE GLOBAL SOLUTIONS, LLC, COLORADO. Free format text: RELEASE (REEL 048414/FRAME 0636); ASSIGNOR: CORTLAND CAPITAL MARKET SERVICES LLC; REEL/FRAME: 050188/0689. Effective date: 2019-08-23 |